Rethinking the Internet architecture… Are you crazy?
During the last 20 years the internet became more and more prominent and intricate. As individuals, we use it at home, at school, at work and now on the move. The economy became more dependent upon the internet and entire industries are regularly being totally disrupted by new pure click companies. So why change the internet when it is so successful? And how to change the internet when there is so much at stake? These are questions that Swisscom and the professor Adrian Perrig and his team at the ETHZ are tackling.
So first, why change the Internet?
It is turning into a litany that the internet was not designed to become the network it now is. Indeed some of its original features are seriously compromising the communications’ privacy and security. As professor Perrig put it, one has to pray when sending IP packets in the internet that they won’t fall in the wrong hands.
One of the core issue is the trust needed to route IP packets between various Autonomous Systems (AS), i.e. internet domains managed by a single entity. According to Wikipedia, the number of ASes multiplied tenfold between 1999 and 2014 from 5000 to 47000. Knowing if you can trust an AS to transport your packets is no sinecure. Several models are proposed to address this issue. However none of these is fully satisfactory: either internet players need to agree on a single root of trust to vouch for everybody else (e.g. RPKI for BGPSEC or DNSSEC) in a context of high political division or the trust is delegated to a number of roots of trust, such as TLS PKI which relies on more than a thousand roots of trust and where the certificate is accepted is signed by any of these and which offers little progress to the original situation.
Another core issue is that packets can be hijacked and redirected without the sending party being aware of it. Such misconfigurations or attacks are regularly monitored by Dyn Research which compares the announced paths to the one effectively taken. In the following example, packets from New York to Los Angeles were in reality routed via London, Moscow, Minsk and Frankfurt before coming back to New York and being properly routed…
How to change it?
In order to address these issues, Professor Perrig opted for a redesign of BGP , the protocol responsible for exchanging the routing information between ASes and to replace it with a new protocol that he currently develops and tests with his team, SCION (Scalability, Control and Isolation On Next-Generation Networks). In essence the SCION lies upon the concepts of Isolation Domains where a set of internet service providers agree on a single root of trust and on SCION headers containing digitally signed paths for the packets inside and between the isolation domains. In order to see how path are constructed and maintained please refer to the following presentation where denominations are outdated but where concepts still prevail.
Swisscom being highly interested in increasing the security of communications in the internet is actively supporting the SCION effort for example testing the capabilities of SCION routers or devising how a SCION architecture could be incrementally deployed while still offering strong incentives and benefits to the early adopters. We are confident that we found ways forward but this will have to be the subject of another post, unless you join us in the meantime 😉
Credit for Sisyphe’s picture to be given to http://o–v.deviantart.com/